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WHAT IS CLAIMED IS: 



1 1 . A method comprising the steps of: 

2 receiving from a customer over a network an application for a credit card 

3 authorization, a non-migratable key, a first certificate by a Trusted Platform Module 

4 (TPM) identity associated with a computer system used by the customer, and a second 

5 certificate acquired by the computer system from a Certification Authority (CA); 

6 creating a public/private key pair and a third certificate in response to the 

7 receiving step; and 

8 sending the public/private key pair and the third certificate to the customer over 

9 the network. 

1 2. The method as recited in claim 1 , wherein after the sending step, the customer is 

2 capable of using the public/private key pair and the third certificate to make purchases 

3 over the network. 

1 3. The method as recited in claim 1, wherein the TPM identity is a public/private 

2 key pair created as a result of a command by the customer input into the computer 

3 system. 

1 4. The method as recited in claim 1 , wherein the second certificate is created by the 

2 Certification Authority in response to receiving a third certificate signed by a 

3 manufacturer of the TPM and a public key of the TPM identity. 
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1 5. The method as recited in claim 4, wherein the third certificate is associated with 

2 an endorsement key of the TPM. 

1 6. The method as recited in claim 1, wherein the network is the Internet. 

2 7. A method comprising the steps of: 

3 creating a TPM identity at a customer' s computer system; 

4 the customer's computer system obtaining a first certificate from a first server 

5 supporting a CA over a network; 

6 the customer' s computer system creating a non-migratable key; and 

7 transferring an application for a credit card authorization, the TPM identity, the 

8 non-migratable key, and the first certificate from the customer's computer system to a 

9 second server supporting a credit card company. 

1 8. The method as recited in claim 7, further comprising the steps of: 

2 the second server supporting the credit card company creating a public/private 

3 key pair and a second certificate in response to the transferring step; and 

4 transferring the public/private key pair and the second certificate from the second 

5 server supporting the credit card company to the customer's computer system. 
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1 9. The method as recited in claim 8, wherein the step of transferring the 

2 public/private key pair and the second certificate from the second server supporting the 

3 credit card company to the customer's computer system is performed using a traditional 

4 mail service. 

1 10. The method as recited in claim 8, wherein the step of transferring the 

2 public/private key pair and the second certificate from the second server supporting the 

3 credit card company to the customer's computer system is performed using the network. 

4 11. The method as recited in claim 8, further comprising the step of: 

5 a customer using the public/private key pair and the second certificate for 

6 commercial transactions over the network. 

1 12. The method as recited in claim 1 1 , wherein the network is the Internet. 

1 13. The method as recited in claim 7, wherein the creating step further comprises 

2 creating a public/private key pair. 
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1 14. The method as recited in claim 13, wherein the step of the customer's computer 

2 system obtaining the first certificate from the first server supporting the CA over the 

3 network further comprises the steps of: 

4 transferring from the customer's computer system to the first server supporting 

5 the C A a public portion of the public/private key pair created when the TPM identity is 

6 created and a third certificate associated with an endorsement key of the TPM; 

7 the CA checking an authenticity of the third certificate; 

8 the CA creating a fourth certificate for the TPM identity; 

9 the CA encrypting the fourth certificate; 

10 the CA bundling the encrypted fourth certificate with the public portion of the 

1 1 public/private key pair created when the TPM identity is created to create a first bundle; 

12 and 

13 the CA encrypting the first bundle with a public key of the third certificate to 

14 create a second bundle. 

1 15. The method as recited in claim 14, wherein the step of transferring the 

2 public/private key pair and the second certificate from the second server supporting the 

3 credit card company to the customer' s computer system further comprises the steps of: 

4 the TPM decrypting the second bundle with a private portion of the third 

5 certificate producing the first bundle; and 

6 the TPM decrypting the first bundle with a private portion of the public/private 

7 key pair created when the TPM identity is created. 
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1 16. A computer program product adaptable for storage on a computer readable 

2 medium, comprising the program steps of: 

3 receiving from a customer over a network an application for a credit card 

4 authorization, a non-migratable key, a first certificate by a Trusted Platform Module 

5 (TPM) identity associated with a computer system used by the customer, and a second 

6 certificate acquired by the computer system from a Certification Authority (CA); 

7 creating a public/private key pair and a third certificate in response to the 

8 receiving step; and 

9 sending the public/private key pair and the third certificate to the customer over 
10 the network. 

1 17. The computer program product as recited in claim 16, wherein after the sending 

2 step, the customer is capable of using the public/private key pair and the third certificate 

3 to make purchases over the network. 

1 1 8. The computer program product as recited in claim 16, wherein the TPM identity 

2 is a public/private key pair created as a result of a command by the customer input into 

3 the computer system. 

1 19. The computer program product as recited in claim 16, wherein the second 

2 certificate is created by the Certification Authority in response to receiving a third 

3 certificate signed by a manufacturer of the TPM and a public key of the TPM identity. 
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20. The computer program product as recited in claim 19, wherein the third certificate 
is associated with an endorsement key of the TPM. 

21. A computer program product adaptable for storage on a computer readable 
medium, comprising the program steps of: 

creating a TPM identity; 

obtaining a first certificate from a CA; 

creating a non-migratable key; 

contacting a web site supporting a credit card company; 

sending to the web site an application for a credit card authorization, the TPM 
identity, the first certificate, and the non-migratable key; and 

receiving from the web site a public/private key pair and a second certificate 
enabling the credit card authorization. 

22. The computer program product as recited in claim 21, further comprising the 
program step of: 

conducting a commercial transaction over the Internet using the credit card 
authorization as enabled by the public/private key pair and the second certificate. 
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23 . The computer program product as recited in claim 2 1 , wherein the non-migratable 
key is a signing key. 

24. The computer program product as recited in claim 21 , wherein the non-migratable 
key is a storage key. 
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1 25. A system comprising: 

2 a server supporting a web site of a credit card company; 

3 a customer computer including a TPM; 

4 a network linked to the server and the customer computer; 

5 first software stored in memory in the customer computer for requesting the TPM 

6 to create a TPM identity; 

7 second software stored in memory in the customer computer for obtaining a first 

8 certificate over the network from a CA; 

9 third software stored in memory in the customer computer for creating a 

10 non-migratable key; 

1 1 fourth software stored in memory in the customer computer for browsing the web 

12 site of the credit card company over the network; 

13 fifth software stored in memory in the customer computer for sending an 

14 application for a credit card authorization to the web site of the credit card company over 

15 the network; 

16 sixth software stored in memory in the customer computer for sending to the web 

17 site of the credit card company over the network the TPM identity, the first certificate, 

18 and the non-migratable key; 

19 the web site of the credit card company creating a public/private key pair and a 

20 second certificate; and 

21 the web site of the credit card company sending the public/private key pair and 

22 the second certificate over the network to the customer computer. 
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